I'm trying to map out time to go back and deep dive on Microsoft Recall and security implications and changes since last year.

Are there any current writeups on it? I'm trying to figure out what needs concentrating on - when I'm googling, I'm just finding my own blog.

After a bunch of discussions with a bunch of folks, it’s pretty clear there’s been zero published research on Copilot Recall in almost a year - all the news articles have just reprinted Microsoft’s talking points saying it is secure now.

So that’s not in a happy place.

I set aside 7 hours today to set a fresh Copilot+ PC up (I want to make 100% sure it is representative) and investigate the security of Microsoft Recall in depth.

I’m currently 6 hours in and I’m still waiting for updates to install to get Recall working. The initial Copilot+ Windows setup failed three times too, as sdx.microsoft.com kept going offline; I had to debug the setup process.

Okay, the Recall database is still an SQLite database in AppData. Same path.

Accessible without admin rights and without triggering UAC using TotalRecall.

It's encrypted using a .NET now, AesGcm - learn.microsoft.com/en-us/dotn

I think I've found the decryption key, one for another day as I've teevee to watch now.
